Couchgram Co., Ltd. (hereinafter called “the Company”) strives to protect the personal information of customers safely at all times. The Company observes the related laws and regulations, such as the 『Personal Information Protection Act』 and the 『Act on Promotion of Information and Communications Network Utilization and Information Protection』, which are the major laws related to protection of personal information, and establishes and makes public the personal information handling policy as follows so that related problems can be processed quickly and smoothly:
Article 1 (Items of Personal Information Collected and the Collection Method)
1. Telephone number of member
- The telephone number registered in the terminal
2. The information about the terminal used by the member
- Model name of the terminal, OS name, OS version, and IMEI information
② The Company collects the personal information prepared by the member in person for the purpose of using services as optional items in addition to the essential items.
- Information required for provision of customized service
- Gender, year of birth, and location information
- Information required for preparation of personal profile
- Information prepared by the member among residence, company, school, e-mail address, and website information
3. Personal profile of the receiver to send the purchased product, and payment settlement, information of the usage of the sent product with information about visual usage, payment type, and payment history.
All information is encrypted and is not used for purposes other than point accumulation and billing.
Article 3 (Processing and Possession Period of Personal Information)
① The Company processes and possesses personal information within the possession/use period of personal information specified in the law or the possession/use period of personal information accepted by the information provider when collecting the personal information.
② The processing and possession period of personal information in each case is as follows:
- The personal information possessed in accordance with the internal policy of the Company;
The Company keeps an unjustifiable use record for a certain period of time in accordance with the internal policy to prevent disputes caused by unjustifiable use of services. In this case, the Company uses the stored information only for the purpose of storage, and the storage period is as follows:
- Unjustifiable use record
ㆍ Reason for preservation: Prevention of unjustifiable use in accordance with the internal policy of the Company
ㆍ Preservation period: One year after cancellation of service contract
- The personal information possessed pursuant to related law
Where personal information is required to be preserved pursuant to the provisions of a related law such as the Commercial Act and the Act on the Consumer Protection in Electronic Commerce, etc., the Company keeps the relevant personal information for the period specified in the related law. In this case, the Company uses the stored information only for the purpose of storage, and the storage period is as follows:
- Record related to consumer complaints or dispute settlement
ㆍ Reason for preservation: the Act on Consumer Protection in Electronic Commerce, etc.
ㆍ Period of preservation: 3 years
- Record related to identification
ㆍ Reason for preservation: The Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.
ㆍ Period of preservation: 6 months after cancellation of service contract
- Service visit record
ㆍ Reason for preservation: The Protection of Communications Secret Act
ㆍ Period of preservation: 3 months
Article 4 (Provision of Personal Information to a Third Party)
① The Company shall process the personal information of the information provider only within the scope specified in Article 2 (Processing Purpose of Personal Information), shall not use it in excess of said scope without obtaining advance consent of the information provider, and in principle shall not disclose personal information of the information provider to outside parties. However, exceptions are made in the following cases:
- when the information provider has agreed on disclosure of the information in advance
- when there is a special provision in the related law
- when it is required by an investigative organization in accordance with the procedure and method specified in the law for the purpose of investigation.
Article 5 (Entrustment of Processing of Personal Information)
The Company has not entrusted handling of personal information to anybody up to now. However, handling of personal information may be entrusted in the future for work processing for service and events, in which case the Company shall observe the provisions of the related laws, for example, by clearly notifying the information provider of the entrusted organization, the works entrusted, and the possession and use period of the personal information.
Article 6 (Possession and Use Period of Personal Information)
① Information providers may exercise the right related to personal information protection to ask the Company to do one of the things specified in the following subparagraphs:
- to allow the information provider to read the personal information
- to correct any errors
- to delete the personal information
- to stop processing the personal information
② The right pursuant to Paragraph ① may be exercised in writing or via telephone, e-mail or fax to the Company, whereupon the Company will take the necessary action without delay.
③ When an information provider asks the Company to correct errors in the personal information or delete it, the Company shall not use or provide the relevant personal information until correction or deletion is completed.
④ The right pursuant to Paragraph ① may be exercised by a representative such as the legal representative of the information provider or a person delegated by the information provider. In this case, a power of attorney prepared in form no. 11 annexed to the Enforcement Regulation of the Personal Information Protection Act should be submitted.
⑤ Information providers should not, by violating related laws such as the Personal Information Protection Act, infringe the personal information or privacy of themselves or of others that the Company is processing.
Article 7 (Destruction of Personal Information)
① The Company shall destroy the relevant personal information without delay when the personal information has become unnecessary as, for example, the possession period of the personal information has expired or the purpose of processing has been achieved.
② If the personal information must continue to be preserved pursuant to another law even though the possession period of the personal information agreed by the information provider has expired or the purpose of processing has been achieved, the relevant personal information shall be moved to a separate database or a different storage and preserved there.
③ The destruction methods of personal information are as follows:
- The personal information printed on paper shall be destroyed by being shredded or burnt.
- The personal information stored in an electronic file such as a database shall be deleted by a technical method that does not allow reproduction.
Article 8 (Installation and Operation of Personal Information Automatic Collection System)
① The Company automatically collects the following minimum essential items of personal information of the information provider when the stage of initial account registration is completed after the service is installed to provide service.
② Members may refuse collection of the essential items of personal information by withdrawing service use before completing the account registration stage. However, the member who refuses collection of the minimum essential items of personal information shall not be able to use the service.
Article 9 (Measures to Secure Safety of Personal Information)
① The Company takes the following technical/administrative measures to secure safety lest the personal information should be lost, stolen, leaked, falsified or damaged in handling the personal information of the information providers.
- Technical protection measures
- The Company is striving to prevent the personal information of members from being leaked or damaged by hacking, a computer virus, etc.
- The Company is striving to be equipped with all possible technical devices to secure systematic security.
- Administrative protection measures
- The Company is striving to check whether the person in charge of personal information complies with the personal information handling policy of the Company or not through the in-house department related to personal information protection, and to correct and rectify the situation immediately when a problem is found.
② The Company shall not take any responsibility for the problem caused by carelessness of the information providers themselves or the basic risk of the Internet.
Article 10 (Manager in Charge of Personal Information Protection)
① The Company has appointed the manager in charge of personal information protection as follows, who shall generally manage and be responsible for the works related to handling of personal information, settle the complaints of information providers related to handling of personal information, and relieve the damage to them:
[Person responsible for Personal Information Protection]
Name: Peter Yang
Organization: Security division
Phone no.: +82-31-609-5511
※ The call will be switched to the department in charge of personal information protection.
② Information providers may send inquiries about matters related to personal information protection, settlement of complaints, damage relief, etc. arising in the course of using the services of the Company to the person responsible for personal information protection or the department in charge. The Company shall answer and process the inquiries from information providers without delay.
Article 11 (Rights/Interests Infringement Relief Method)
Information providers may send an inquiry about damage relief and consultation in relation to infringement of personal information to the following organizations:
The following organizations are separate from the Company; you may send an inquiry to them if you are not satisfied with the result of complaint settlement or damage relief by the Company itself, or if more detailed help is needed.
- Personal Information Infringement Report Center (http://privacy.kisa.or.krkormain.jsp) (118)
- Information Protection Mark Certification Committee (http://www.eprivacy.or.kr) (+82-2-580-0533~4)
- Cyber Bureau of National Police Agency (http://www.ctrc.go.kr) (+82-2-392-0330)
Article 12 (Change in Personal Information Handling Policy)
- This personal information handling policy shall be enforced by January 11, 2015.